British Standards Institution

Sector: Governance & Resilience

Overview: Under the direction of IST/33, is responsible for the UK input to ISO/IEC JTC 1/SC 27/WG 5 and CEN/CLC/JTC 13/WG 5 whose scope covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics, privacy and the protection of personal data. The scope also includes the preparation, publication, review and revision of relevant British standards.

Committee standards activity

In Progress (22)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
ISO/IEC NP 27566-2	Age assurance systems — Part 2: Technical approaches and guidance for implementation Categories: Information management \| Standardization. General rules Proposal begins : 2024-07-12	Proposal
BS ISO/IEC 29134:2023	Information technology. Security techniques. Guidelines for privacy impact assessment Categories: Approval begins : 2023-05-22	Approval
BS ISO/IEC 29100:2024	Information technology. Security techniques. Privacy framework Categories: Approval begins : 2024-02-22	Approval
BS ISO/IEC 24760-2	IT Security and Privacy — A framework for identity management —. Part 2: Reference architecture and requirements Categories: Comment resolution begins : 2024-07-18	Comment resolution
BS EN ISO/IEC 29151	Information security, cybersecurity and privacy protection – Controls and guidance for personally identifiable information protection Categories: Drafting begins : 2024-10-16	Drafting
BS EN ISO/IEC 29146:2024	Information technology. Security techniques. A framework for access management Categories: Approval begins : 2024-01-29	Approval
BS EN ISO/IEC 29115	Information technology — Security techniques — Entity authentication assurance framework Categories: Drafting begins : 2025-07-28	Drafting
BS EN ISO/IEC 27701:2021	Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines Categories: Approval begins : 2021-04-29	Approval
BS EN ISO/IEC 27701	Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines Categories: Comment resolution begins : 2025-01-29	Comment resolution
BS EN ISO/IEC 27566-3	Age assurance systems — Part 3: Interoperabili ty, technical architecture and guidelines for use Categories: Unclassified documents Proposal begins :	Proposal

Published (26)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 29003:2018	Information technology. Security techniques. Identity proofing Categories: Published standard begins : 2018-04-04	Published standard
PD ISO/IEC TS 27570:2021	Privacy protection. Privacy guidelines for smart cities Categories: Published standard begins : 2021-02-09	Published standard
PD ISO/IEC TS 27560:2023	Privacy technologies. Consent record information structure Categories: Published standard begins : 2023-09-06	Published standard
PD ISO/IEC TR 27563:2023	Security and privacy in artificial intelligence use cases. Best practices Categories: Information technology. General Published standard begins : 2023-06-07	Published standard
PD CEN/CLC/TS 17880:2022	Protection Profile for Smart Meter. Minimum Security requirements Categories: Telecontrol. Telemetering \| \| IT applications. Other Published standard begins : 2023-03-13	Published standard
PD CEN/CLC/TR 17919:2023	Data protection and privacy by design and by default. Technical Report on applicability to the videosurveillance industry. State of the art Categories: Published standard begins : 2023-03-13	Published standard
BS ISO/IEC 29190:2015	Information technology. Security techniques. Privacy capability assessment model Categories: Published standard begins : 2015-08-19	Published standard
BS ISO/IEC 29115:2013	Information technology. Security techniques. Entity authentication assurance framework Categories: Published standard begins : 2013-04-10	Published standard
BS ISO/IEC 27561:2024	Information security, cybersecurity and privacy protection. Privacy operationalisation model and method for engineering (POMME) Categories: Published standard begins : 2024-05-21	Published standard
BS ISO/IEC 27559:2022	Information security, cybersecurity and privacy protection. Privacy enhancing data de-identification framework Categories: Published standard begins : 2022-11-29	Published standard

Withdrawn (13)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
BS ISO/IEC 29184:2020	Information technology. Online privacy notices and consent Categories: Withdrawn begins : 2023-07-24	Withdrawn
BS ISO/IEC 29151:2017	Information technology. Security techniques. Code of practice for personally identifiable information protection Categories: Withdrawn begins : 2022-09-16	Withdrawn
BS ISO/IEC 29146:2016	Information technology. Security techniques. A framework for access management Categories: Withdrawn begins : 2022-11-02	Withdrawn
BS ISO/IEC 29134:2017	Information technology. Security techniques. Guidelines for privacy impact assessment Categories: Withdrawn begins : 2020-04-09	Withdrawn
BS ISO/IEC 29101:2013	Information technology. Security techniques. Privacy architecture framework Categories: Withdrawn begins : 2018-11-30	Withdrawn
BS ISO/IEC 29100:2011+A1:2018	Information technology. Security techniques. Privacy framework Categories: Withdrawn begins : 2020-07-09	Withdrawn
BS ISO/IEC 29100:2011	Information technology. Security techniques. Privacy framework Categories: Withdrawn begins : 2018-07-31	Withdrawn
BS ISO/IEC 27701:2019	Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines Categories: Withdrawn begins : 2021-05-05	Withdrawn
BS ISO/IEC 27018:2014	Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors Categories: \| Withdrawn begins : 2019-01-24	Withdrawn
BS ISO/IEC 24761:2009	Information technology. Security techniques. Authentication context for biometrics Categories: \| Information coding. Character sets Withdrawn begins : 2013-07-18	Withdrawn

Message Committee Become a committee member

Committee members

Nominating organizations

AB&A UK LIMITED
Age Check Certification Scheme
AgeChecked
Amazon Web Services UK Ltd
Association of British Certification Bodies
BCS Information Risk and Assurance (IRMA)
British Business Federation Authority
Cabinet Office
Chris Mitchell Consulting
Committee Manager
Consumer and Public Interest Network
CSTconsultancy – Cyber Risk Consultant
Data Protection Forum
FieldFisher
FIRST - Forum for Incident Response & Security Teams
Fujitsu
Google
Huawei Technologies
ICU AV - Innovative Technology LTD
Identity Management Decisions Ltd
Individual Expert - Cybersecurity, Data Protection, Computer Science
Isoco(UK) Ltd
IT Governance Ltd
KPMG LLP (UK)
MASS
Microsoft Limited
Siemens
Signly
Teeside University
Thales e-Security Ltd
The Age Verification Providers Association
The Institute of Risk Management
Trilateral Research
TrustElevate Ltd
UK Lead - Biometrics
University College London
University of Bath
Verifiable Credentials Ltd
Visa
Yoti Ltd

Liaisons with other committees

Chair - IST/33
Chair - IST/33/3
Individual Capacity - Control Attributes Expert
Individual Capacity - Data Protection & Privacy Expert
Individual Capacity - Identity Assurance
Individual Capacity - Privacy Expert
Liaison - IOT/1/-/5
Liaison - IST/33 to IST/44
Liaison - IST/34
Liaison - SDS/2

BSI roles

Committee Chair

Standards Development

IST/33/5 - Identity Management and Privacy Technologies

Committee standards activity